The following issue might happen when installing SCOM 2016 reporting on a SQL 2016 server and trying to access the SSRS report server URL with a non SCOM administrator user (but which has admin rights on SSRS level): "Could not load folder contents. You are not allowed to view this folder. Contact your administrator to obtain the necessary permissions"

The reports however are viewable in the SCOM console so the AccessDeniedException occurs on SQL level only.

If you see alerts that were generated by a windows service template based monitor for a uncommon instance type (like non windows computer) this article might apply to you.
These type of alerts get generated almost hourly and have the following format:

Error when calling service statusService: ServiceNameError: 0x8007000eDetails: There is not enough memory to complete this operationAt least one workflow is affected

The false positive alerts occur due to the design of the Windows Service discovery based on the template which targets all windows computers, not only ones hosted on agents. The discovery is also marked with remotable=true so the discovery runs also on agentless windows computer.
As a workaround you can create an override which disables the discoveries sending out false positive and as a target select the instance which should not raise the alerts (for example SQL AG listener windows computer object).
After this it is important to run the PowerShell-Cmdlet „Remove-SCOMDisabledClassInstance“ otherwise the change will not be applied.

With SCOM 2016 (+/-UR1) sometimes when trying to create a new maintenance mode schedule the following error is displayed:

The EXECUTE permission was denied on the object 'sp_help_jobactivity', database 'msdb', schema 'dbo'.The data access service account might not have the required permissions

As a workaround for this, we can grant this right. Please note that if the System Center Data Access service is running under local system , the permission will have to be granted for the computer account ( of all management servers)

use msdb
go
Grant Execute ON OBJECT::[dbo].[sp_help_jobactivity] To [domain\username]

Further, when proceeding with the creation of the MM schedule a further error appears:

Microsoft.EnterpriseManagement.Common.ServerDisconnectedException: The client has been disconnected from the server. Please call ManagementGroup.Reconnect() to reestablish the connection. ---> System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state. Server stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfFaulted() at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

To solve this, grant the following rights for the SDK/DAS account(or if local system to the MS computer accounts) to the MSDB database:

SQLAgentOperatorRole

SQLAgentReaderRole

SQLAgentUserRole

What I saw is that if these rights are not added the error is not displayed if the SDK is running under a local system account, but will create a bulk of maintenance schedules and will cause a flood of data and SQL agent jobs. Trying to add/delete maintenance schedules from the SCOM console will just time out after this. It does not make a difference if powershell commandlets are used instead.

So if a lot of "invalid" maintenance schedule entries and jobs are created, make sure the above rights are added for the MS computer account on the MSDB database.

Also when creating a maintenance schedule and you select more then 216 target objects (instances or groups) the following error might occur:“The client has been disconnected from the server. Please call ManagementGroup.Reconnect() to reestablish the connection.”

Workaround:

Create a single group or multiple groups with all the objects you would like to add in the maintenance schedule

Create a maintenance schedule with these groups (number of groups should be less than 216)

Sometimes the OMS portal seems to have various issues, so I will write about some that I encounter.

For example "HTTP Error 400. The size of the request headers is too long"

Usually this error happens if there is a corruption in the browser cache or cookies.

What to try which usually solves the issue: clear the browser cache/cookies and browsing history : http://www.thewindowsclub.com/delete-browsing-history-cookies-data-edge

Workarounds:

-open browser in private mode (incognito)

-test across other browsers

]]>https://blogs.technet.microsoft.com/silvana/2017/09/12/oms-portal-issues-http-error-400/feed/3[OMS] ‘Session Expired’ even if the user is working in the OMS portalhttps://blogs.technet.microsoft.com/silvana/2016/11/21/oms-session-expired-even-if-the-user-is-working-in-the-oms-portal/
https://blogs.technet.microsoft.com/silvana/2016/11/21/oms-session-expired-even-if-the-user-is-working-in-the-oms-portal/#commentsMon, 21 Nov 2016 10:50:50 +0000https://blogs.technet.microsoft.com/silvana/?p=1515Hello,

Just a short post on an OMS issue.

If you are working in the OMS portal and are getting despite of this a 'Session Expired' message, please make sure the user you are logged in with, is an administrator in the OMS portal (under Settings->Accounts->Manage Users).

If the workspace is created from the Azure portal, it might be that the user is not part of this group. To be sure you don`t get this message, you should create the workspace directly from the OMS portal, this way the user is added automatically to the admin group.

I wanted to write an article on the new SM HTML5 portal, because one of the issues it has is that submitted service requests and incidents in the Portal enter a closed state.

This was fixed with UR2, however even after installing this fix custom states also are displayed with the closed states. So the portal does not know about the custom state and will set as a default state all SR or incidents like this.

I made also a repro for this, so I will also post the steps on how I got to it, as a quick version:
1.create a custom SR status, save it into an MP, in this case CustomMPSts

2. use PS to update an SR status to a custom state (previously created)

The closed status is set also for states like: completed, failed, on hold, cancelled. This is by design, but you can edit this in the portal.

The FIX:

In order to change the way states are displayed, you will have to edit the web.config of the SM Self Service Portal

Here is the official documentation for on how to achieve this:
By default, the portal puts custom enumerations for My Request (incident & Service Requests) states in the Closed filter category. Now the portal allows for customization to map required custom states to the Active filter category also. For more details check for “CustomActiveRequestStatusEnumList” under “Basic Customization” section on this link.https://technet.microsoft.com/en-us/library/mt622142%28v=sc.12%29.aspx

Basic Customization
The <appSettings> tab in the Web.config file offers some standard settings to easily customize and personalize the areas which are most often modified. Here’s a list of them

CustomActiveRequestStatusEnumList By default, the Self Service portal puts custom enumerations for My Request (incident and service requests) states in the Closed filter category. This key allows customization to map required custom states to the Active filter category. The value of this key should be a comma separated list containing EnumTypeName values of enumerations which are required to be mapped with the Active category in the Self Service Portal. You can look for desired custom states labeled EnumTypeName in the EnumType table, using the following example.

SELECT [EnumTypeName]

FROM [<Service Manager DB name, which by default is “ServiceManager”>].[dbo].[EnumType]

So for the custom states to be displayed correctly, we have to get the corresponding EnumTypeName from the DB (or MP) and edit it in the web.config under the AppSetting, attribute: CustomActiveRequestStatusEnumList
The EnumType has a form like Enum.e6afdb9a20aa4cdbabcd5ef24369f900[GUID], so you can search in the MP after this.

if you have problems with the SCOM console crashing (regardless of OS) after installing the October 2016 security patches and the following event logged in the Application event log on the affected computer, you will be looking for this fix.

]]>https://blogs.technet.microsoft.com/silvana/2016/10/19/scom-console-crash-fix-due-to-october-security-patches-kb-3192392-is-released/feed/2[SCOM] Agent installation/upgrade Error 25211 Failed to install performance countershttps://blogs.technet.microsoft.com/silvana/2016/09/15/scom-agent-installationupgrade-error-25211-failed-to-install-performance-counters/
https://blogs.technet.microsoft.com/silvana/2016/09/15/scom-agent-installationupgrade-error-25211-failed-to-install-performance-counters/#respondThu, 15 Sep 2016 11:38:49 +0000https://blogs.technet.microsoft.com/silvana/?p=1475If you have some servers where the SCOM Agent is either failing to install or get upgraded (with or without the NOAPM switch) with the following error:
„Error 2511. Failed to install performance Counters.. Error Code -2147024809 (Wrong Parameters)" and in the installation log following error "InstallPerfCountersLib: InstallHealthServicePerfCounters() failed . Error Code: 0x80070057. " you might be having an issue with the SDDL.

Apparently the SCOM installer checks the following registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\customsd

If the value is corrupt or an SID is invalid (the account does not exist anymore) you might get this error.

]]>https://blogs.technet.microsoft.com/silvana/2016/09/15/scom-agent-installationupgrade-error-25211-failed-to-install-performance-counters/feed/0[Orchestrator] Orchestration Console and Web Service are not working anymorehttps://blogs.technet.microsoft.com/silvana/2016/08/11/orchestrator-orchestration-console-and-web-service-are-not-working-anymore/
https://blogs.technet.microsoft.com/silvana/2016/08/11/orchestrator-orchestration-console-and-web-service-are-not-working-anymore/#commentsThu, 11 Aug 2016 11:35:39 +0000https://blogs.technet.microsoft.com/silvana/?p=1455If you have the problem that the Orchestration Console and Web Service cannot be opened and the following error is logged:

The server encountered an error processing the request. The exception message is 'An error occurred while executing the command definition. See the inner exception for details.'. See server logs for more details. The exception stack trace is: System.Data.EntityClient.EntityCommandDefinition.ExecuteStoreCommands(EntityCommand entityCommand, CommandBehavior behavior)

You might be missing some objects in the Orchestrator DB... exactly what will show up in a WCF Trace configured in the web.config of the web service.

In one case, the following Service 'http://schemas.microsoft.com/SystemCenter/Orchestrator/Maintenance/MaintenanceService' and Queue [Microsoft.SystemCenter.Orchestrator.Maintenance].[MaintenanceServiceQueue] were missing from the Orchestrator DB, so a first check would be here.

If not a quicker way to solve this issue would be a restore of the Orchestrator DB to a time prior to this error.

The service and queue can be recreated manually by running the following queries on the Orchestrator DB: